Other protocols monitoring - SMTP

In the SMTP section you set parameters for the SMTP analyzer, that is, user identification, depth of analysis, reported errors, availability, reporting options and others.

General

You can monitor SMTP traffic based on various configuration settings, such as user identification, collecting information on messages and attachments and reported error codes.

  • Set the Identification to ON.

  • Select the Derive user identification from domain of the FROM field checkbox.

  • Define an extended POSIX regular expression to extract the user identification from the FROM or TO field.
    To use a regular expression to extract the user identification from the FROM field, define the regular expression in the User identification extraction regular expression edit box and make sure that the identification method selected in the Identification list is not Off; it can be Derived from the FROM and TO message fields or Limit to the FROM domain name. Then make sure that one of the following is true:

    • The address of the sending client is on the list of monitored servers.
    • The address of the receiving server is included in the software service definition and the sending client's IP address belongs to a range defined in the IP Address Ranges table.
    • The address of the receiving server is included in the software service definition and the domain of the client matches one of the domains listed in the Domains of Interest list.
    To use a regular expression to extract the user identification from the TO field, define the regular expression in the User identification extraction regular expression field and set Identification to Derived from the FROM and TO message fields. The IP address of the receiving server should be included in the software service definition.

    For example, the following regex:

    (.*)@mycompany.com$

    will match “john.smith@mycompany.com” and will extract “john.smith”.

    You can test the patterns that will be used by the NAM Probe using the Regular Expressions Test tool, which is activated after you click Test located next to the regular expression pattern field.

  • Define the error codes for Server, Authorization, and Not Found categories.
    The error codes are reported for software services based on the SMTP analyzer. The default list of error codes can be freely modified according to your needs. Based on the lists, errors observed in monitored traffic are added to appropriate counters and reported accordingly.
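
The extraction regex shown above can be checked outside the console with any POSIX ERE engine. The following is an added example, not NAM code: it assumes the pattern is applied to the bare address and that the first capture group becomes the user identification. The function names, the sample addresses and the stricter pattern `STRICT_RE` are constructed for illustration and do not come from the product.

```shell
#!/bin/sh
# Added example (not NAM code): compare the page's pattern with a stricter
# variant using sed -E, which evaluates POSIX extended regular expressions.

PAGE_RE='(.*)@mycompany.com$'            # pattern from the page
STRICT_RE='^([^@]+)@mycompany\.com$'     # constructed alternative: escaped dot,
                                         # both ends anchored, no '@' in the user part

# extract_user REGEX ADDRESS
# Prints capture group 1 when ADDRESS matches REGEX, prints nothing otherwise.
# Assumption: the probe uses group 1 of a match against the bare address.
# Both patterns here match from column 0 (leading .* or ^), so the
# substitution replaces the whole line and only group 1 remains.
extract_user() {
    # Use a control character as the sed delimiter so a '/' or '|' inside
    # the pattern cannot terminate the expression early.
    d=$(printf '\001')
    printf '%s\n' "$2" | sed -n -E "s${d}$1${d}\\1${d}p"
}

# compare_patterns: run both patterns over constructed sample addresses.
compare_patterns() {
    for addr in \
        'john.smith@mycompany.com' \
        'user@mycompanyxcom' \
        'first@second@mycompany.com'
    do
        printf '%-28s page=[%s] strict=[%s]\n' "$addr" \
            "$(extract_user "$PAGE_RE" "$addr")" \
            "$(extract_user "$STRICT_RE" "$addr")"
    done
}

compare_patterns
```

With the page's pattern, the unescaped `.` also matches `mycompanyxcom`, and the greedy `(.*)` returns `first@second` as the user; the stricter pattern reports no identification for either of those addresses.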

Availability

To view information about SMTP failures in DMI reports, access the Availability tab and configure the appearance of a specific failure type in a DMI report.

You can configure database availability globally or at the software service level.

For global configuration, open NAM Console ► Deployment ► Manage devices, NAM Probe Configuration ► Open configuration, Global ► Other Protocols Monitoring ► SMTP ► Availability. For the software service level, select the Availability tab in the Edit Rule window.

You can enable or disable the appearance of each of the following failure types.

Transport failures

No response
An incomplete response (a hit with no response from a server). Enabled by default.

SMTP server errors
Enabled by default. The following errors are included in this error category:

  • 421: The service is not available and the connection will be closed.
  • 450: The requested command failed because the user's mailbox was unavailable (such as being full). Try again later.
  • 452: The command has been aborted because the server has insufficient system storage.
  • 554: The transaction failed for some unstated reason.

SMTP UnAuth errors

  • 500: The server could not recognize the command due to a syntax error.
  • 501: A syntax error was encountered in command arguments.
  • 502: This command is not implemented.
  • 503: The server has encountered a bad sequence of commands.
  • 504: A command parameter is not implemented.

SMTP Not Found errors

Enabled by default. The following errors are included in this error category:

  • 450: The mailbox has been corrupted or placed on an offline server, or the user's email has not been accepted for IP problems or blacklisting.
  • 550: The requested command failed because the user's mailbox was unavailable (such as not found).
  • 551: The recipient is not local to the server.
  • 552: The action was aborted due to exceeded storage allocation.
  • 553: The command was aborted because the mailbox name is invalid.